Authorizing access to telecommunications networks for mobile devices, such as mobile devices accessing networks via non-traditional entry points

ABSTRACT

A system and method for authorizing mobile devices to carrier networks via non-traditional entry points is described. In some examples, the system reviews a registration message sent during establishment of a communication session between the mobile device and the carrier&#39;s network to determine the type of access network used by the mobile device. In some cases, the system may identify the base station controller originating the registration message when determining whether the access request came from an IP-based network or other non-traditional entry point.

BACKGROUND

In this digital age, modern telecommunication service providers anddevice manufacturers are increasingly relying on public and/or privateIP networks, including the Internet, as a core part of their technology.For example, many telecommunications service providers now offer a suiteof Voice over IP (“VoIP”) services, as well as various data services,that utilize IP networks and/or IP-based wireless access networks (e.g.,access networks based on IEEE 802.16 (“WiMAX”), IEEE 802.20 MobileBroadband Wireless Access (MBWA), Ultra Wideband (UWB), 802.11 wirelessfidelity (“Wi-Fi”), Bluetooth, and similar standards) for at least partof their infrastructure. Likewise, device manufacturers are producingthe next generation of mobile devices (e.g. wireless handhelds, wirelesshandsets, mobile phones, personal digital assistances, notebookcomputers, and similar devices) that are enabled to send and receiveinformation utilizing IP-based telecommunications services. In fact,many of today's modern mobile devices are able to function as “dual-modedevices” that take advantage of both cellular network technologies andIP-based technologies.

Unlicensed Mobile Access (UMA) technology has developed as part of thistrend to incorporate IP solutions into mobile device telecommunicationsystems. UMA technology has recently been accepted into Release 6 of the3rd Generation Partnership Project (3GPP) and is also referred to asGeneric Access Network (GAN) technology. In various implementationschemes, UMA allows wireless service providers to merge cellularnetworks, such as Global System for Mobile Communications (GSM) networksand IP-based wireless networks into one seamless service (with onemobile device, one user interface, and a common set of network servicesfor both voice and data). One goal of UMA is to allow subscribers tomove transparently between cellular networks and IP-based wirelessnetworks with seamless voice and data session continuity, much like theycan transparently move between cells within the cellular network.Seamless in-call handover between the IP-based wireless network and thecellular network ensures that the user's location and mobility do notaffect the services delivered to the user.

At an operational level, UMA technology effectively creates a parallelradio access network, the UMA network, which interfaces to the mobilecore network using standard mobility-enabled interfaces. For example,UMA can replace a system's GSM radio technology on the lower protocollayers with a Wireless LAN, or similar technology. A call or othercommunication may be tunneled to the Mobile Switching Center (MSC) of amobile service provider via an access point (e.g., a Wi-Fi access pointconnected to a modem via the Internet) and gateway (e.g., a UMA networkcontroller). In many cases, the mobile core network remains unchanged,making it much easier to maintain full service and operationaltransparency and allowing other aspects of the service infrastructure toremain in place. For example, in many systems that utilize UMA, theexisting service provider's business support systems (BSS), servicedelivery systems, content services, regulatory compliance systems, andoperation support systems (OSS) can support the UMA network withoutchange. Likewise, service enhancements and technology evolution of themobile core network apply transparently to both cellular access and UMA.

As the incorporation of IP solutions, such as UMA, into mobile devicetelecommunication systems expands, wireless service providers andwireless users may face various obstacles. For example, the transparentnature of IP solutions may prohibit implementing certain subscriptionbased services to mobile devices that access a carrier or other networkvia non-traditional entry points, such as unlicensed networks.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates aspects of a sample network system that allowsVoIP-based communications in conjunction with a public switchedtelephone network (PSTN).

FIG. 2 illustrates an example converged wireless network system thatcombines a cellular network with an IP-based wireless telecommunicationsnetwork.

FIG. 3 illustrates a block diagram that includes components used totransmit, receive, and/or authorize mobile devices.

FIG. 4 is a flow diagram illustrating a routine for authorizing a mobiledevice on a carrier's network.

FIG. 5 is a flow diagram illustrating a routine in a home locationregistry of a carrier's network for authorizing access of the carrier'snetwork from an originating IP network.

DETAILED DESCRIPTION

A system and method for providing subscription type access of a networkto mobile devices seeking access via non-traditional entry points isdescribed. In some examples, components within a network, such as acarrier's network, receive a registration message from a mobile device,determine a type of network the mobile device used to access thenetwork, and, when the network type is an unlicensed network (e.g., IPor wireless network), initiate an authorization process to determinewhether the mobile device is associated with a subscriber of thecarrier's network.

For example, a mobile device may communicate with a wireless accesspoint, such as a Wi-Fi router or femtocell, using one or more radioswithin the device. The access point forms part of a short-range wirelessaccess network. The system, located in a subscription-type network orlicensed spectrum provided by a carrier (such as a cellular or GSMnetwork), receives a message for the device via a base stationcontroller associated with the wireless access network. The systemintercepts the message and reviews and/or parses the message todetermine the type of network originating the message. Depending on thetype of network (that is, how the device received access), the systemmay query a database to determine if the mobile device is associatedwith a subscriber of the carrier's network, and if so, authorize themobile device on the carrier's network.

Thus, the system enables a telecommunication services provider, orcarrier, to provide certain subscription type services to mobile devicesconnecting to their network using IP access networks (such as when notproviding GSM codes/signals used to authorize these services), amongother benefits. For example, the system may assist a carrier inpromoting wireless access of the carrier's network by denying access viatraditional entry points (such as via cellular base stations withinlicensed spectrums) while authorizing access via certain non-traditionalentry points (such as unlicensed access points, including Wi-Fi routersor femtocells). In some cases, when a requesting mobile device includesboth GSM and Wi-Fi radios, the system may identify and/or authorizeaccess to the carrier's network using information from certain accesspoints and using GSM codes (CGI or other information) while denyingaccess via a GSM/CDMA connection at cell sites or other traditionalentry points. In some cases, when a requesting mobile device does notcontain a GSM radio, the system may first identify the type of network(or components within the network) used to access a carrier's networkand initiate an authorization process based on the identification.

The following description provides specific details for a thoroughunderstanding of, and enabling description for, various embodiments ofthe technology. One skilled in the art will understand that thetechnology may be practiced without these details. In some instances,well-known structures and functions have not been shown or described indetail to avoid unnecessarily obscuring the description of theembodiments of the technology. It is intended that the terminology usedin the description presented below be interpreted in its broadestreasonable manner, even though it is being used in conjunction with adetailed description of certain embodiments of the technology. Althoughcertain terms may be emphasized below, any terminology intended to beinterpreted in any restricted manner will be overtly and specificallydefined as such in this Detailed Description section.

Suitable System

FIGS. 1 and 2 show sample network system configurations in which aspectsof mobile device authorization system may be implemented. In general,one purpose of the authorization system is to enable a carrier orservice provider to implement subscription type services to mobiledevices on a carrier's network.

FIGS. 1 and 2 and the following discussion provide a brief, generaldescription of a suitable environment in which the system can beimplemented. Although not required, aspects of the system are describedin the general context of computer-executable instructions, such asroutines executed by a general-purpose data processing device, e.g., aserver computer, wireless device or personal computer. Those skilled inthe relevant art will appreciate that aspects of the system can bepracticed with other communications, data processing, or computer systemconfigurations, including: Internet appliances, hand-held devices(including personal digital assistants (PDAs)), wearable computers, allmanner of cellular or mobile phones, multi-processor systems,microprocessor-based or programmable consumer electronics, set-topboxes, network PCs, mini-computers, mainframe computers, and the like.Indeed, the terms “computer,” “server,” and the like are generally usedinterchangeably herein, and refer to any of the above devices andsystems, as well as any data processor.

Aspects of the system can be embodied in a special purpose computer ordata processor that is specifically programmed, configured, orconstructed to perform one or more of the computer-executableinstructions explained in detail herein. While aspects of the system,such as certain functions, are described as being performed exclusivelyon a single device, the system can also be practiced in distributedenvironments where functions or modules are shared among disparateprocessing devices, which are linked through a communications network,such as a Local Area Network (LAN), Wide Area Network (WAN), or theInternet. In a distributed computing environment, program modules may belocated in both local and remote memory storage devices.

Aspects of the system may be stored or distributed on tangiblecomputer-readable media, including magnetically or optically readablecomputer discs, hard-wired or preprogrammed chips (e.g., EEPROMsemiconductor chips), nanotechnology memory, biological memory, or otherdata storage media. Alternatively, computer implemented instructions,data structures, screen displays, and other data under aspects of thesystem may be distributed over the Internet or over other networks(including wireless networks), on a propagated signal on a propagationmedium (e.g., an electromagnetic wave(s), a sound wave, etc.) over aperiod of time, or they may be provided on any analog or digital network(packet switched, circuit switched, or other scheme).

FIG. 1 illustrates aspects of a sample network system 100 that allowsVoIP-based communications in conjunction with a public switchedtelephone network (PSTN) 102. The system 100 includes at least onewireless access point 104. The access point 104 may be public orprivate, and may be located, for example, in a subscriber's residence(e.g., home, apartment or other residence), in a public location (e.g.,coffee shops, retail stores, libraries, or schools) or in corporate orother private locations. In the sample system of FIG. 1, the accesspoint 104 can accept communications 106 from at least one suitablyconfigured telecommunications device 108 (e.g., a VoIP device). Variousexamples of network technology that may be involved in communicatingbetween the telecommunications device 108 and the access point 104include the IEEE 802.16 (WiMAX), IEEE 802.20 Mobile Broadband WirelessAccess (MBWA), Ultra Wideband (UWB), 802.11 wireless fidelity (Wi-Fi),Bluetooth standards, or other similar standards. The access point 104includes a wireless router 110 and a broadband modem 112 that enableconnection to an Internet Protocol (IP) network 114. The IP network 114may comprise one or more public networks, private networks, orcombination of public and private networks.

In a communication or set of communications 106, the access point 104receives IP packets from the telecommunications device 108. These IPpackets are then transported through the IP network 114 to a signalinggateway 116, which in the example of FIG. 1, is operated by atelecommunications service provider. At the signaling gateway 116, theIP packets are converted to a traditional phone service signal. Thephone service signal is then conveyed to a recipient via the PSTN 102.

The network system 100 of FIG. 1 also includes a call controller 118that provides call logic and call control functions for communicationssent through the system and an application server 120 that provideslogic and execution of one or more applications or services offered bythe telecommunications service provider, such as applications thatimplement various access and security rules. In some examples, aspectsof the authorization system are implemented at the call controller 118and/or application server 120, as described in more detail herein. Inthis example, a telecommunication service provider manages both the callcontroller 118 and the application server 120.

FIG. 2 illustrates a sample network system 200 in which aspects of theauthorization system may be implemented within a cellular telephone-typenetwork. In general, with respect to the network system described inFIG. 2, because the same cellular protocols are used in communicationsinvolving IP access points as with traditional radio towers, thecellular service provider maintains a large degree of systemcompatibility even though using an IP-based network. For example, thevarious systems of the cellular service provider that deliver contentand handle mobility may not even need to be aware that a subscriber'smobile device is on an IP-based wireless telecommunications network.Instead, the various systems of the cellular service provider assume themobile device is on its native cellular network. The IP network is,therefore, abstracted with respect to the cellular network, regardlessof whether the mobile device connects to the cellular network via a basestation (e.g., for licensed spectrum access) or a wireless access point(e.g., for licensed, semilicensed and/or unlicensed spectrum access-suchas spectrums for UMA communications). Likewise, at a protocol level,because the same cellular protocols are used in communications involvingthe IP access points as with traditional radio towers, the cellularservice provider maintains a large degree of system compatibility eventhough using an IP-based network.

Referring to FIG. 2, a sample network system 200 combines a cellulartelephone network 202 (such as a GSM network) and an IP network 204 in aUMA-type configuration that provides service to the user of a convergedmobile device 206 or UMA only mobile device 207. In some examples, thecellular network 202 is considered to be a traditional entry point to atelecommunications network, and the IP network is considered to be anon-traditional entry point to the telecommunications network. Suchservice may include voice services, and also supplementary services likecall forwarding and call waiting, text messaging services like SMS, anddata-based services like ring tone downloads, game downloads, picturemessaging, email and web browsing. Further, since the mobile device 206is connected to an IP network, all manner of data services availableover such networks may be provided to the mobile device 206.

In general, the described network system 200 accepts registrationrequests and communication connections from the mobile device 206. Theaccepted registration requests can be requests to either the cellulartelephone network 202 or to the IP-based network 204. Accordingly, tohandle requests to the cellular telephone network 202, the cellulartelephone network 202 includes one or more cell towers 208 that areconfigured to accept cellular communications 210 from the mobile device206. The cell towers 208 are connected to a base station controller 212(such as a base station controller/radio network controller (BSC/RNC))via a private network 214. The private network 214 can include a varietyof connections (not shown) such as T1 lines, a wide area network (WAN),a local area network (LAN), various network switches, and other similarcomponents.

The base station controller 212 controls communication traffic to acarrier core network 216, where all communications are managed(including both cellular and IP-based). Components of the carrier corenetwork 216 in this example include a mobile switching center (MSC) 218,which is configured to control data/call flows and perform loadbalancing, as well as other functions. The carrier core network 216 mayalso include a variety of system databases such as an operation supportsubsystem (OSS) database 220, a business support system (BSS) database222, and home location register (HLR) 224 or other central subscriberdatabase that contains details of a carrier's subscribers for billing,call logging, etc.

In some examples, a picocell may be communicatively coupled to a basestation in the cellular network. The picocell is a wireless access pointtypically covering a relatively small area, such as within a building(e.g., office, shopping mall, train station, or the like) or within anaircraft, ship, train or other vehicle. A picocell may, for example, beanalogous to a Wi-Fi access point, except that it typically broadcastsusing the licensed spectrum of an associated wireless carrier. Thepicocell serves as an access point for routing communication between thedevice 206 and the network. One or more picocells may be coupled to theBSC by way of wired or wireless connections.

Alternatively or additionally, the IP-based network may include a VoIPbroadcast architecture, UMA or GAN (Generic Access Network) broadcastarchitecture, or a femtocell broadcast architecture. Voice Over InternetProtocol, or VoIP, is a telecommunication system for the transmission ofvoice over the Internet or other packet-switched networks. UnlicensedMobile Access or UMA, is the commercial name of the 3GPP Generic AccessNetwork or GAN standard. Somewhat like VoIP, UMA/GAN is atelecommunication system which extends services, voice, data, and IPMultimedia Subsystem/Session Initiation Protocol (IMS/SIP) applicationsover IP-based networks. For example, a common application of UMA/GAN isin a dual-mode handset service in which device users can seamlessly roamand handover between local area networks and wide area networks using aGSM/Wi-Fi dual-mode mobile phone. UMA/GAN enables the convergence ofmobile, fixed and Internet telephony, sometimes called Fixed MobileConvergence. Femtocells are much like picocells—they broadcast withinthe licensed spectrum of a wireless telecommunications carrier.Femtocells are typically designed for use in residential or smallbusiness environments. Femtocells connects to the service provider'snetwork much like UMA/GAN access points, namely over IP based networks.

These IP-based networks, which may operate over unlicensed spectrums,may include short-range communications networks, relying on short rangewireless communications protocols such as Wi-Fi, Bluetooth, and so on.The ranges of these networks may vary from network to network, but areoften less than 500 meters (e.g., less than 200 meters).

The sample network system 200 of FIG. 2 further includes one or moreaccess points 226 that can accept IP-based communications 228 from themobile device 206. For example, each access point 226 can be configuredas part of a wireless network in one or more locations such as a publicnetwork 230, a home network 232, or a private business network 234. Eachaccess point 226 is coupled to the IP network 204 through, for example,a broadband connection (not shown) such as a DSL (Digital SubscriberLine) modem, a cable modem, a satellite modem, or any other broadbanddevice.

When the mobile device 206 attempts to access the IP network 204 (i.e.,to initiate an IP-based communication), information (e.g., data, voice,SMS, etc.) is initially formatted in the cellular system's 202 nativeprotocol and then encapsulated into Internet Protocol (IP) packets,which are transmitted to the access point 226 and routed through the IPnetwork 204 to a security gateway 236. In contrast to non-IPcommunication requests, such transmissions bypass the cellular telephonesystem's 202 existing network of radio towers. The security gateway 236controls access to a network controller 238, which communicates with adata store 242 for logging and accessing communications data. Thus, onefunction of the network controller 238 is to manage access to thecarrier network 216 when dealing with an IP-based communication (in asimilar manner to that performed by the base station controller 212 fora non-IP-based communication).

In one example, authentication of a request for access by the mobiledevice 206 over the IP network 204 is handled by the security gateway236, which communicates with an authentication, access and authorization(AAA) module 240 that is most likely associated with the carrier network216. Challenges and responses to requests for access by the mobiledevice 206 are communicated between the HLR 224 and the AAA module 240.When authorization is granted, the security gateway 236 communicates theassignment of an IP address to the mobile device 206 that requestedaccess. Once the security gateway 236 passes the IP address to themobile device 206, the public IP address assigned to the mobile device206 is passed to the network controller 238.

In another authorization example, upon receiving an identifier frommobile device 206 or mobile device 207, the network controller 238 mayquery the data store 242 to determine if the mobile device 206 isauthorized for accessing the IP network 204. Sample identifiers that maybe utilized to determine access include a media access control (MAC)address associated with an access point, a mobile device or subscriberidentifier (such as an International Mobile Subscriber Identifier(IMSI)), an Internet Protocol (IP) address (or “Public IP address”)associated with the access point, a fully qualified domain name (FQDN),or other similar types of information. Sample mobile device identifiersmay include a Mobile Identification Number (MIN), a Secret SecurityNumber (SSN), and/or other information stored within memory of a mobiledevice, such as information or codes stored within a SIM of a mobiledevice. The data store 242 may be a single database, table, or list, ora combination of databases, tables, or lists, such as one for IPaddresses 244, one of MAC addresses 246, and one for FQDNs 248. The datastore 242 may include “blocked” identifiers as well as “authorized”identifiers. Authorized accesses to the IP-based wirelesstelecommunications network may be maintained by the network controller238 in an authorized session table or similar data construct.

In some cases, the signaling portion of a communication (e.g., theportion of the communication that governs various overhead aspects ofthe communication such as, for example, when the call starts, when thecall stops, initiating a telephone ring, etc.) is routed through thenetwork controller 238 to the MSC 218, while the voice bearer portion ofthe communication (e.g., the portion of the communication that containsthe actual content (either data or voice information) of thecommunication) is routed through the network controller 238 to a mediagateway 250. In other words, the media gateway 250 controls the contentflow between the service provider and the mobile device 206, while theMSC 218 controls the signaling flow (or controls overhead-related flow)between the service provider and the mobile device 216.

In some cases, the IP-based networks 204 (e.g., UMA networks)incorporate femtocell networks. Similar to VoIP, in femtocell networksvoice communications are packetized and transmitted over the Internet.UMA networks typically feature Wi-Fi access points for receiving andsending voice communications over an unlicensed spectrum; femtocellnetworks typically feature wireless access points broadcasting withinlicensed spectrums of a telecommunications service provider, withconversion of voice communications into IP packets for transmission overthe Internet.

Authorizing Mobile Devices to Telecommunications Networks

As described herein, in some examples the system includes componentsconfigured to authorize mobile devices on networks, regardless of thetype of network used to access the network. The network may be varioustypes of networks, including telecommunications networks, core networks,broadcast networks, cellular networks, licensed networks, unlicensednetworks, and so on. Referring to FIG. 3, a block diagram 300 includingcomponents used to transmit, receive, and/or authorize mobile devices isshown.

An access point 226, such as a Wi-Fi router or femtocell, receivescommunications from a mobile device 206 or 207. The access point 226 mayestablish a communication session with the mobile device 206 or 207, asdiscussed herein with respect to FIG. 2. Via the access point 226, themobile device 206 transmits information, via an IP network 204, to anetwork controller 238 (which may include a controller 212 or componentsconfigured to manage access to a carrier's network and act as acontroller for signaling purposes) residing between the IP network 204and components within a carrier's network, such as a data store 242and/or a database (such as an HLR) 224. In addition to thefunctionalities discussed herein, these components of the carrier'snetwork may also include components configured to authorize a mobiledevice to access services provided by a carrier's network, such as adatabase 310 that includes information for subscribers (and associateddevices) of the network, and one or more software modules 320 storedwithin a memory (such as a computer-readable medium) of the HLR 224.

For example, the modules (or components) 320 may receive registrationmessages associated with mobile devices, parse the registrationmessages, identify a type of access network originating the registrationmessages, and/or transmit queries to the database 310 to check whether amobile device is associated with a subscriber of the carrier's network.The modules 320 may also verify, validate, and/or authorize mobiledevices to the carrier's network, or transmit information to othermodules that indicates a mobile device is authorized. Of course, thesystem may locate the modules 320 outside of the HLR 224, such as inother components of the carrier's network, or as stand alone components.Further details regarding the functionality of the modules 320 arediscussed herein.

In some examples, the system uses information within registrationmessages to determine whether a mobile device is associated with asubscriber of certain services within a carrier's network, such as useof the network, voice communications over the network, data services,and so on. Referring to FIG. 4, a flow diagram illustrating a routine400 for authorizing a mobile device to access services on or through acarrier's network is shown. In step 410, an authorization systemreceives a request from a mobile device to access a carrier's network.The system may receive such a request at a module 320 within an HLR 224,or at other modules within the network. The request may be in the formof a registration message sent to the carrier's network. The request mayinclude information about the mobile device, the type of network used bythe mobile device to access the carrier's network, the components withinthe access network, and so on.

In step 420, the system identifies content within the request associatedwith the type of network used to access the carrier's network. Forexample, the system may identify the access network used by the mobiledevice as being an IP-based network, such as a UMA network. Furtherdetails regarding the content within the request are discussed herein.

Once the system identifies the type of access network as an IP network,the routine 400 proceeds to step 430. Otherwise, routine 400 would endand authorization would proceed as is normal when devices accesscellular networks using cellular base stations and other traditionalentry points. In step 430, the system reviews a database of subscribersto the carrier's network. For example, the system may compareinformation about the mobile device to information stored in a database,such as database 310, of known subscribers. The information may includedevice identification information, such as the information discussedherein, or other information. The system may search or query thedatabase to check for a match of the requesting mobile device and asubscribing mobile device.

In step 440, if the mobile device is associated with a subscriber ofservices provided by the carrier's network (that is, the query resultreturns a match), routine 400 proceeds to step 450, and the systemauthorizes the request to access the carrier's network, else routineproceeds to step 460, and denies the request to access the carrier'snetwork.

As discussed herein, the authorization system may review content withinan access request to determine whether the request originates from amobile device attempting to access a carrier's network via an IPnetwork. Referring to FIG. 5, a flow diagram illustrating a routine 500in a home location registry (or other module) of a carrier's network forauthorizing access of the carrier's network from an originating IPnetwork is shown.

In step 510, the system, via module 320, receives a registration messageassociated with a mobile device having IP communication capabilities.That is, a mobile device (such as a mobile device 207 that only includesIP communication components, a converged IP/GSM device 206, or a GSMonly device) may initiate communications to a carrier's network via anIP access network, which may prompt a base station controller 238 totransmit a registration message to an HLR 224 in order to register themobile device on the carrier's network.

In step 520, the system reviews the content of the registration messageto identify an identity of the base station controller that sent themessage. For example, a component 320 within the HLR 224 may first thereceive the registration message, or intercept the message, and extractfrom the message content, information, and/or data associated with theidentity of an originating base station controller. The extractedinformation may be a point signaling code that identifies the basestation controller, or other similar information. For example, the pointsignaling code includes an originating signaling code, which mayidentify the base station controller that transmits the registrationmessage to the HLR.

In step 530, the system determines the base station controller isassociated with an IP access network. For example, the system mayidentify the base station controller as such via a table, list, or othersuitable data structure stored within the module 320 that includes alist of IP base station controllers.

In step 540, the system checks a database of authorized subscribers tothe carrier's network to determine whether the requesting mobile deviceis associated with an authorized subscriber. For example, the system mayquery a database of known subscribers, such as a database 310, asdiscussed herein, and matches information (such as a MAC address orother information described herein) about the mobile device toauthorized mobile devices.

In step 550, the system authorizes the mobile device to the carrier'snetwork. The system, in step 560, connects the mobile device to thecarrier's network, via the IP-based access network, and providesservices within the network.

Thus, the system is able to authorize the mobile device as beingassociated with a subscriber of the cellular network without receivingGSM information typically used to verify devices on the network (such ascgi information) over traditional entry points to the network (e.g., abase station). The system facilitates a carrier's network authorizingboth GSM and non-GSM based mobile devices on the network, among otherbenefits.

Example Scenarios

Scenario #1: A user purchases a mobile device that only contains a Wi-Firadio. Once at home, the user attempts to place a call via the user'shome router. A carrier's network receives information identifying theuser as well as information identifying the home router as being withina Wi-Fi network, and authorizes the user on the network.

Scenario #2: A user has a data only subscription plan for hissmartphone, where the smartphone includes a Wi-Fi radio and a GSM radio.He enters a coffee shop that provides a Wi-Fi router authorized toaccess a carrier's network. The smartphone establishes a connection withthe Wi-Fi router, and the carrier's network provides voice services overthe Wi-Fi connection without requiring the user to subscribe to theadditional services. However, the carrier's network does not providevoice services over cellular entry points.

Scenario #3: A user attempts to connect to a carrier'stelecommunications network via a home femtocell access point. The systemestablishes a GSM connection between the user's mobile device (whichonly contains a GSM radio)_and the femtocell. The carrier's networkreceives subscriber information (and CGI information) from the user'smobile device and femtocell, as well as information indicating that theuser is accessing the carrier's network via the femtocell. The carrier'snetwork authorizes the user for services based on the subscriberinformation and also authorizes additional services based on theinformation about the femtocell, but does not provide services via thecellular network.

Scenario #4: A user that prepays for services on a carrier's networkattempts to access the network. The carrier receives GSM codes from theuser during initial authorization, indicating the user is a prepaidsubscriber, checks the billing database and determines that thecustomer's account is at or near its limit. The carrier also determinesthat the user's device has established a connection to the carrier'snetwork via both a base station and a wireless access point. The carriercharges free or lower rates for wireless access at such access pointsand, therefore, authorizes the mobile device to receive services via thewireless access point.

Scenario #5: A post paid user who is late in paying a bill attempts toaccess a carrier's network via a base station. The carrier receives GSMcodes from the user during initial authorization, identifies the user asbeing delinquent in paying her bill, and denies access to the network.However, when the user is proximate to a selected wireless access pointand her mobile device establishes a connection to the access point, thecarrier's network receives a request to connect to the network, andauthorizes the request via the wireless access point.

CONCLUSION

Unless the context clearly requires otherwise, throughout thedescription and the claims, the words “comprise,” “comprising,” and thelike are to be construed in an inclusive sense, as opposed to anexclusive or exhaustive sense; that is to say, in the sense of“including, but not limited to.” As used herein, the terms “connected,”“coupled,” or any variant thereof means any connection or coupling,either direct or indirect, between two or more elements; the coupling orconnection between the elements can be physical, logical, or acombination thereof. Additionally, the words “herein,” “above,” “below,”and words of similar import, when used in this application, refer tothis application as a whole and not to any particular portions of thisapplication. Where the context permits, words in the above DetailedDescription using the singular or plural number may also include theplural or singular number respectively. The word “or,” in reference to alist of two or more items, covers all of the following interpretationsof the word: any of the items in the list, all of the items in the list,and any combination of the items in the list.

The above Detailed Description of examples of the system is not intendedto be exhaustive or to limit the system to the precise form disclosedabove. While specific examples for the system are described above forillustrative purposes, various equivalent modifications are possiblewithin the scope of the system, as those skilled in the relevant artwill recognize. For example, while aspects of the system are describedabove with respect to capturing and routing digital images, any otherdigital content may likewise be managed or handled by the systemprovided herein, including video files, audio files, and so forth. Whileprocesses or blocks are presented in a given order, alternativeimplementations may perform routines having steps, or employ systemshaving blocks, in a different order, and some processes or blocks may bedeleted, moved, added, subdivided, combined, and/or modified to providealternative or subcombinations. Each of these processes or blocks may beimplemented in a variety of different ways. Also, while processes orblocks are at times shown as being performed in series, these processesor blocks may instead be performed or implemented in parallel, or may beperformed at different times.

The teachings of the system provided herein can be applied to othersystems, not necessarily the system described above. The elements andacts of the various examples described above can be combined to providefurther implementations of the system.

Other changes can be made to the system in light of the above DetailedDescription. While the above description describes certain examples ofthe system, and describes the best mode contemplated, no matter howdetailed the above appears in text, the system can be practiced in manyways. Details of the system may vary considerably in its specificimplementation, while still being encompassed by the system disclosedherein. As noted above, particular terminology used when describingcertain features or aspects of the system should not be taken to implythat the terminology is being redefined herein to be restricted to anyspecific characteristics, features, or aspects of the system with whichthat terminology is associated. In general, the terms used in thefollowing claims should not be construed to limit the system to thespecific examples disclosed in the specification, unless the aboveDetailed Description section explicitly defines such terms. Accordingly,the actual scope of the system encompasses not only the disclosedexamples, but also all equivalent ways of practicing or implementing thesystem under the claims.

While certain aspects of the system are presented below in certain claimforms, the applicant contemplates the various aspects of the system inany number of claim forms. For example, while only one aspect of thesystem is recited as a means-plus-function claim under 35 U.S.C sec.112, sixth paragraph, other aspects may likewise be embodied as ameans-plus-function claim, or in other forms, such as being embodied ina computer-readable medium. (Any claims intended to be treated under 35U.S.C. §112, ¶6 will begin with the words “means for”, but use of theterm “for” in any other context is not intended to invoke treatmentunder 35 U.S.C. §112, ¶6.) Accordingly, the applicant reserves the rightto add additional claims after filing the application to pursue suchadditional claim forms for other aspects of the system.

1. In a wireless telecommunications system communicating with multiplemobile devices, wherein the wireless telecommunications system includesa converged telecommunications network that employs a coretelecommunications network, a cellular broadcast network and an IP-basedbroadcast network, and wherein subscribers can access the IP-basedbroadcast network via wireless connections between mobile devices andwireless access points forming IP-based wireless local area networks(WLANs), a method performed by the core telecommunications network toauthorize access of a mobile device to services of the coretelecommunications network, the method comprising: receiving aregistration message from the mobile device at a network controllingnode that facilitates communication between the core telecommunicationsnetwork and the IP-based broadcast network, wherein the registrationmessage includes information indicating that the mobile device iscommunicating with the IP-based broadcast network; determining fromcontent included in the received registration message that the mobiledevice is capable of communicating with the core telecommunicationsnetwork via the IP-based access network; and upon determining that themobile device is capable of communicating with the coretelecommunications network via the IP-based broadcast network: searchingfor information in a database of mobile devices authorized tocommunicate over the core telecommunications network, wherein searchingfor information includes searching for information that indicates thatthe mobile device is associated with a subscriber of services providedvia the IP-based broadcast network but not services provided via thecellular broadcast network; determining, based on the indication, thatthe mobile device is associated with a subscriber of services providedvia the IP-based broadcast network, but not a subscriber to servicesprovided via the cellular broadcast network; and permitting the mobiledevice to only receive services via the IP-based broadcast network, butnot to receive services via the cellular broadcast network.
 2. Themethod of claim 1, wherein the content included in the receivedregistration message indicates that the mobile device is only authorizedto access the core telecommunications network via the IP-based accessnetwork.
 3. The method of claim 1, wherein the content included in theregistration messages includes signaling point code for a base stationcontroller within the network controlling node and in communication witha home location registry within the core telecommunications network. 4.The method of claim 1, wherein the registration message is received fromthe network controlling node at a home location registry within the coretelecommunications network.
 5. The method of claim 1, wherein acomponent within a home location registry within the coretelecommunications network receives the registration message from thenetwork controlling node and searches the database of mobile devicesauthorized to communicate over the core telecommunications network forthe mobile device.
 6. A system of tangible components located within ahome location registry of a telecommunications network that permitsmultiple mobile devices to access at least some services offered by orthrough the telecommunications network, the system comprising: an entrypoint identification component in communication with an access network,wherein the access network is in communication with thetelecommunications network and the mobile devices, wherein the mobiledevices seek access to services of or through the telecommunicationsnetwork, and wherein the entry point identification component includes:a message reception component, wherein the message reception componentis configured to receive registration messages from mobile devicesseeking access to the telecommunications network; a message monitoringcomponent in communication with the message reception component, whereinthe message monitoring component is configured to identify base stationcontrollers within the access network transmitting the registrationmessages to the telecommunications network; and a network determinationcomponent, wherein the network determination component is configured todetermine types of networks used by the mobile devices to accessservices of or through the telecommunications network based on theidentified base station controllers; an authorization component incommunication with the network determination component, wherein theauthorization component is configured to check a database of authorizedsubscribers to the telecommunications network associated with the mobiledevices when the network determination component determines the type ofnetwork used by a mobile device to access the telecommunications networkis an IP-based network, wherein the mobile device accesses the IP-basednetwork via unlicensed spectrum; and an access component, wherein theaccess component is configured to establish connections between themobile devices associated with authorized subscribers to thetelecommunications network and the telecommunications network.
 7. Thesystem of claim 6, wherein the access component is further configured toprevent connections between the mobile devices associated withunauthorized subscribers to the telecommunications network and thetelecommunications network, wherein the telecommunications network is aGSM or CDMA network.
 8. The system of claim 6, wherein the networkdetermination component is configured to determine the types of networksused by the mobile devices to access the telecommunications networkbased on identifying signaling point codes from the base stationcontrollers within the received registration messages.
 9. The system ofclaim 6, wherein checking the database of authorized subscribers to thetelecommunications network includes accessing a database located outsideof the home location registry that includes information used toauthorize mobile devices to IP-based access networks.
 10. The system ofclaim 6, wherein checking the database of authorized subscribers to thetelecommunications network includes accessing a database located withinthe home location registry that includes information that relatesauthorized mobile devices to network types associated with theauthorized mobile devices.
 11. The system of claim 6, wherein themessage monitoring component is configured to intercept the receivedregistration messages and transmit the identified identities of the basestation controllers to the network determination component.
 12. A methodfor authorizing access of a telecommunications network by a mobiledevice, the method comprising: receiving, at a core telecommunicationsnetwork, a registration message from a base station controller componentin communication with an IP access network, wherein the IP accessnetwork is in communication with the mobile device, and wherein themobile device seeks access to services of the core telecommunicationsnetwork via the IP access network; determining that the registrationmessage includes content indicating the base station controller formspart of the IP access network; checking a database of mobile devicesauthorized to receive services from the core telecommunications networkfor information associated with the mobile device seeking access toservices of the core telecommunications network; and permitting accessto services of the core telecommunications network only via the IPaccess network when the database of authorized mobile devices includesinformation that the mobile device seeking access to services of thetelecommunications network may only access services of the coretelecommunications network via the IP access network.
 13. The method ofclaim 12, wherein the content includes a point signaling code from thebase station controller.
 14. A method for denying a mobile device accessto a core telecommunications network, the method comprising: receiving,at a home location registry within the core telecommunications network,a registration message from a network controller or base stationcontroller in communication with a mobile device within an IP accessnetwork, wherein the mobile device seeks access to services of the coretelecommunications network via the IP access network, and wherein themobile device accesses the IP-based network via unlicensed spectrum;determining that the registration message includes content indicatingthe network controller or base station controller is within the IPaccess network; checking a database of mobile devices authorized on thecore telecommunications network for information associated with themobile device seeking access to the core telecommunications network; anddenying access to services of the core telecommunications network whenthe check of the database of authorized mobile devices does not identifyinformation associated with the mobile device seeking access to thetelecommunications network.
 15. The method of claim 14, wherein thecontent includes a point signaling code from the base stationcontroller.
 16. A tangible computer-readable medium, wherein the mediumis not a signal, for use within a telecommunications network, whereincontents of the computer-readable medium, when executed, cause anauthorization system to perform a method for authorizing mobile devicesto access services from the network, the method comprising: interceptinga request from a mobile device to access services from thetelecommunications network; determining a point of entry to thetelecommunications network by the mobile device, wherein thetelecommunications network has a set of entry points, and wherein aproper subset of entry points include at least one wireless accesspoint; and when the determined point of entry includes the at least onewireless access point, then authorizing the mobile device access toservices of the telecommunications network via the predetermined accesspoint, but denying access to services of the telecommunications networkvia other points of entry, wherein the mobile device communicates withthe access point via unlicensed spectrum.
 17. The computer-readablemedium of claim 16, wherein determining a point of entry to thetelecommunications network includes: identifying information associatedwith the mobile device that indicates the mobile device is capable ofaccessing the telecommunications network via a licensed wireless pointof entry; and identifying information associated with the interceptedrequest that indicates the request originates from a network controllerin communication with an unlicensed wireless access point.
 18. Thecomputer-readable medium of claim 16, wherein the at least one wirelessaccess point is a Wi-Fi access point.
 19. The computer-readable mediumof claim 16, further comprising receiving information identifying anunlicensed access point to the telecommunications network andauthorizing access based at least in part on the received information.20. In a wireless telecommunications system communicating with multiplemobile devices, wherein the wireless telecommunications system includesa converged telecommunications network that employs both a cellularnetwork and an IP-based network, and wherein mobile device users canaccess the IP-based network via wireless connections between mobiledevices and wireless access points that forms IP-based wireless localarea networks (WLANs), a method performed by the wirelesstelecommunications system to provide access to the convergedtelecommunications network, the method comprising: receiving within theconverged telecommunications network a registration message associatedwith a mobile device capable of communicating over both the cellularnetwork and the IP-based network, wherein the registration messageincludes identification information that identifies the mobile device tothe converged telecommunications network; denying access to servicesprovided by the cellular network of the converged telecommunicationsnetwork based on the included identification information; but permittingaccess to services provided by the IP-based network of the convergedtelecommunications network based on the included identificationinformation.
 21. The method of claim 20, wherein permitting access toservices of the converged telecommunications network includesauthorizing a wireless access point within the IP-based network toestablish a connection between the mobile device and the convergedtelecommunications network based on information associated with thewireless access point.
 22. The method of claim 20, wherein the cellularnetwork includes a femtocell and the converged telecommunicationsnetwork only permits GSM communications between the mobile device andthe converged telecommunications network via the femtocell.
 23. Themethod of claim 20, wherein the IP-based network includes a Wi-Fi routerand the converged telecommunications network only permits communicationsbetween the mobile device and the converged telecommunications networkvia the Wi-Fi router.
 24. The method of claim 20, wherein the convergedtelecommunications network permits access to a first service via theIP-based network and permits access to a second service via the cellularnetwork.
 25. A system for authorizing access of a telecommunicationsnetwork by a mobile device, the method comprising: means for receiving,at a core telecommunications network, a registration message from a basestation controller in communication with a mobile device within an IPaccess network, wherein the mobile device seeks access to the coretelecommunications network via the IP access network; means fordetermining that the registration message includes content indicatingthe base station controller is within the IP access network; means forchecking a database of mobile devices authorized on the coretelecommunications network for information associated with the mobiledevice seeking access to the core telecommunications network; and meansfor permitting access to the core telecommunications network only viathe IP access network when the database of authorized mobile devicesincludes information associated with the mobile device seeking access tothe telecommunications network.